1. Field of the Invention
Embodiments of the present invention generally relate to the field of network communication, and more particularly, to security and authentication of network communications when transmitting sensitive information entered via webpage forms.
2. Description of the Related Art
For the vast majority of network communications (e.g., the internet), unsecured transmission is acceptable. However, information transmitted according to the Transmission Control Protocol/Internet Protocol (TCP/IP) is vulnerable to eavesdropping and tampering: any system on the path between two endpoints may intercept, replay, or reproduce an IP packet. More sensitive information, such as financial transactions, medical records, and confidential company business, therefore requires secure transmission. In response to the desire for secure network communications, a security protocol known as the Secure Sockets Layer (SSL) was developed by Netscape Communications Corporation; its standardized successor is Transport Layer Security (TLS).
SSL is a protocol layer that runs on top of TCP/IP and beneath application protocols such as HTTP, providing secure communication between two devices. To establish a secure connection where user authentication is required, such as logging into a bank's website for financial transactions, a user is typically required to enter a username and a password into an HTML (hypertext markup language) form on an SSL-protected webpage viewed through a browser on a network client. The client establishes a TCP/IP connection to the server on a dedicated port (e.g., port 443 for HTTPS, as opposed to the default web port 80).
After this connection is established, the client and server exchange handshake messages that negotiate the cipher suite to be used and perform a key exchange between the two devices. Once shared session keys have been established, the client and server may send the HTML form data and other information as authenticated (integrity-protected) and encrypted data over that particular connection.
As those skilled in the art will recognize, however, only the server is typically authenticated according to the SSL protocol, while the client's identity is not ensured (i.e., the client remains unauthenticated). Client-side digital certificates are not required by most web applications due to complexity, cost, logistics and effectiveness issues. In addition, SSL protects the password, credit card number, social security number, or other such sensitive information only while it is in transit: whichever party terminates the SSL connection receives the form data as clear text, even though it was transmitted according to the SSL protocol.
These limitations allow for so-called man-in-the-middle attacks as illustrated in FIG. 1, where an attacker 102 who has placed himself in the communication path (for example, by causing the client to connect to an attacker-controlled server that presents itself as the bank) may be able to read, insert and modify messages between a client 104 and a bank server 106 at will, without either party knowing that the supposedly secure connection between them has been compromised. Trusting that the connection was secure, a user may have entered a personal username 108 and password 110 into an HTML form 112 displayed on a web browser 114 and logged into what the user believes to be his or her financial institution. However, the attacker 102 may have intercepted the transmission and acquired the username 108 and password 110. Because the outer SSL connection does not authenticate the client 104, the bank server 106 has no way of verifying that the client 104 properly established a secure communication stream between the bank server 106 and the client browser 114; any party presenting the captured username and password is indistinguishable from the legitimate user. Thus, it may be a simple matter for the attacker 102 to then log into the bank server 106 and withdraw money from the user's bank account. The attacker 102 can also create fake accounts in the user's name, ruin the user's credit or even prevent the user from accessing his or her own accounts.
In an effort to mitigate these problems, a number of improvements have been attempted, including bidirectional authentication and the use of a SiteKey. Bidirectional authentication, also known as mutual authentication or two-way authentication, refers not only to a server authenticating itself to a client, but also to a client or user authenticating itself to a server, in such a manner that the identity of both parties is ensured. This is typically accomplished by means of a client certificate and without interaction from the user. Bidirectional SSL provides the same features as conventional SSL with the addition of authentication and non-repudiation of the client, thereby preventing attackers from successfully impersonating customers to financial institutions in order to conduct fraudulent transactions. However, there is currently no method to alert a user entering sensitive information into an HTML form as to whether bidirectional authentication will be utilized to post the form data, or whether the user's password, social security number, credit card information, and the like will be transmitted securely.
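The contrast between conventional (server-only) SSL/TLS described above and the bidirectional variant can be made concrete with the following added example. It is written for this page and is not code from the patent or from any product it names. It mints two self-signed certificates in-process for the hypothetical identities "bank.example" (the server) and "alice-browser" (the client), both assumed names, and runs three handshakes over loopback with Go's standard crypto/tls package: conventional TLS, in which the server completes the handshake without ever learning who the client is; bidirectional TLS against a client that holds no certificate, which the server refuses; and bidirectional TLS with a client certificate, after which the server can name the client it is talking to. Each side's outcome is recorded separately because, under TLS 1.3, the client's handshake may report success before the server has rejected its missing certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Result records what each side concluded from one handshake.
type Result struct {
	ClientOK, ServerOK bool   // did each side's handshake succeed?
	ClientName         string // CN of the verified client certificate, "" if the server saw none
}

// selfSigned mints a throw-away self-signed certificate for a hypothetical identity
// (assumed names, not from the page) that also serves as its own trust anchor.
func selfSigned(cn string, dns []string) (tls.Certificate, *x509.CertPool) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // setup failure, not part of the demonstration
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, DNSNames: dns,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, IsCA: true, BasicConstraintsValid: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool
}

// exchange runs one TLS handshake over loopback and reports what each side saw.
func exchange(serverCfg, clientCfg *tls.Config) Result {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", serverCfg)
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	fromServer := make(chan Result, 1)
	go func() {
		var r Result
		defer func() { fromServer <- r }()
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		tc := c.(*tls.Conn)
		if tc.Handshake() != nil { // e.g. "tls: client didn't provide a certificate"
			return
		}
		r.ServerOK = true
		if peers := tc.ConnectionState().PeerCertificates; len(peers) > 0 {
			r.ClientName = peers[0].Subject.CommonName // the identity the client proved
		}
	}()
	c, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err == nil {
		c.Close()
	}
	r := <-fromServer
	r.ClientOK = err == nil
	return r
}

// RunScenarios contrasts conventional (server-only) TLS with bidirectional TLS.
func RunScenarios() map[string]Result {
	srvCert, srvPool := selfSigned("bank.example", []string{"bank.example"})
	cliCert, cliPool := selfSigned("alice-browser", nil)
	srv := &tls.Config{Certificates: []tls.Certificate{srvCert}} // conventional: never asks who the client is
	srvMutual := &tls.Config{Certificates: []tls.Certificate{srvCert}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: cliPool}
	cli := &tls.Config{RootCAs: srvPool, ServerName: "bank.example"} // verifies the bank, proves nothing itself
	cliWithCert := &tls.Config{RootCAs: srvPool, ServerName: "bank.example", Certificates: []tls.Certificate{cliCert}}
	out := map[string]Result{}
	for name, cfg := range map[string][2]*tls.Config{
		"server-only":      {srv, cli},               // handshake succeeds; server learns nothing about the client
		"mutual-no-cert":   {srvMutual, cli},         // server refuses: no client certificate
		"mutual-with-cert": {srvMutual, cliWithCert}, // server learns the client's CN
	} {
		out[name] = exchange(cfg[0], cfg[1])
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", RunScenarios())
}
```

Running `go run` on the file prints one Result per scenario. The "server-only" entry has both handshakes succeeding with an empty ClientName, which is exactly the gap the text describes: the server has a confidential channel to someone, but no protocol-level evidence of who. Only the "mutual-with-cert" entry carries the name "alice-browser".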
The second attempted improvement mentioned is the use of a SiteKey, implemented by Bank of America Corporation. While logging into the Bank of America website and after entering an Online ID, the browser displays the user's personal SiteKey if the bank server recognizes the client computer. The SiteKey is an image pre-selected by the user to inform him or her that the user is connected to the valid Bank of America website and may then safely transmit the user's Passcode (password). If the bank server does not recognize the client computer, the server asks a challenge question pre-selected by the user, which he or she must answer with the same response given during the initial SiteKey configuration. This recognition of the client computer by the server, paired with the user's recognition of the SiteKey image, is intended to give each party some assurance of the other's identity before the Passcode is sent.
Moreover, the proper use of the SiteKey should help counter phishing, and more specifically pharming, where a user is unknowingly redirected to a fraudulent website containing portions copied from the legitimate website. Since the fraudulent website's pages look familiar, users may be tricked into inputting and submitting sensitive information to an attacker, who can subsequently exploit this information. An incorrect or missing SiteKey should caution users that they have reached a fraudulent website, but it does not prevent a user from entering sensitive information into an HTML form and transmitting it to an attacker if the user is not paying attention or does not understand that a phishing attack is occurring. Thus, the passive SiteKey method relies on user training and vigilance during logins.
Accordingly, what is needed is a method of securely posting HTML form data involving sensitive information (e.g., passwords, credit card numbers and social security numbers) that actively alerts a user when insecure posting is attempted.